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DETAILED ACTION 

1 . This office action is in response to applicant's amendment filed on 1 0 November 
2009. 

2. Claims 1 -37, 39-56, 58-75, 77-93 and 96-1 1 8 are pending. 

Response to Arguments 

Applicant's arguments with respect to the objection and rejections under 35 USC 
§ 101 and 102 have been considered fully considered and are persuasive. Therefore, 
the rejections and the objection have been withdrawn. However, upon further 
consideration of the amended claims, a new ground(s) of rejection is made. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 71-75 and 77-89 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

The limitations of claims claim 71-75 and 77-89 use the phrase "means for", but It 
is modified by some structure, material, or acts recited in the claim. It is unclear whether 
the recited structure, material, or acts are sufficient for performing the claimed function 
which would preclude application of 35 U.S.C. 112, sixth paragraph, because the 
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specification does not provide any specific structure closely associated to the recited 
functions in these claims. For instance, there are no descriptions in the disclosure for 
means (i.e., structure) that is used for comparing first security level information and 
second security level information, means for setting said security level of a port, means 
for storing said second security level in a label range information field of a forwarding 
table entry and means for any other functions performed in these claims. One skilled in 
the art cannot know what structure is meant for "means for" since no algorithms for 
performing the functions are described. 

A general allegation that these are simple programs that one skilled in the art can 
make is not sufficed. In order to meet the requirements for a claim in "means plus 
function" format the relevant algorithms should be disclosed in the specification. If 
applicant wishes to have the claim limitation treated under 35 U.S.C. 112, sixth 
paragraph, applicant is required to amend the claim so that the phrase "means for" or 
"step for" is clearly not modified by sufficient structure, material, or acts for performing 
the claimed function. 

If applicant does not wish to have the claim limitation treated under 35 U.S.C. 
1 1 2, sixth paragraph, applicant is required to amend the claim so that it will clearly not 
be a means (or step) plus function limitation {e.g., deleting the phrase "means for" or 
"step for"). 
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Claim Rejections - 35 USC § 102 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-17, 20-37, 39-42, 45-56, 58-61, 64-75, 77-80, 83-93, 96-102, 104-115, 
117 and 118 are rejected under 35 U.S.C. 102(b) as being anticipated by Antur et 
al (US 6,2124,558 B1). 

With regard to claims 1 , 2, 11 , 14, 27, 33, 34, 39, 49, 52, 53, 68, 71 , 72, 77, 87, 
90, 96, 99, 101 and 109, Antur discloses: 

A method and a system (see, e.g., col. 5, lines 25-65)comprising: 
a network interface (see, e.g., col. 7, lines 1-8); 
a processor (see, e.g., col. 2, lines 50-55); 

a computer readable storage medium coupled to said processor (see, e.g., col. 2, 
lines 50-55); 

computer instructions, encoded in said computer readable storage medium (see, 
e.g., col. 2, lines 50-63), 

comparing first security level information and second security level information 
(see, e.g., col. 4, lines 25-40); 

said first security level information represents a first security level, 

said second security level information represents a second security level (see, 
e.g., col. 2, lines 50-63), 

said means for comparing is coupled to said network interface (see, e.g., col. 2, 
lines 50-63, where the firewall corresponds to the recited means for comparing); 
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said first security level information is stored in a security label of a packet 
received at a network node of a network (see, e.g., col. 4, lines 29-34, where the packet 
header stores the packet security level), 

said second security level information is stored at said network node, after being 
received from another network node of said network (see, e.g., col. 4, lines 29-34, 
where the firewall security corresponds to the recited second security level information; 
col. 5, lines 1-10), 

said network comprises a plurality of network nodes, said network nodes 
comprise said network node and said another network node (see, e.g.. Fig. 2, col. 4, 
lines 63-67, where the firewall or the router is a node of the network), and 

said network nodes are configured to convey packets to one another via others 
of said network nodes (see, e.g.. Fig. 3, col. 4, lines 41-65); and 

indicating processing to be performed on said packet based on said comparing 
(see, e.g., col. 4, lines 59-65, where allowing a specific type of packet to go through the 
firewall is the indication of the type of process being performed on the packet), 

wherein said processing comprises 

determining whether to forward said packet from said network node to one of 
said network nodes (see, e.g., col. 4, lines 59-67, where if the packet is of the type that 
is not allowed to pass the firewall then it would be filtered which is a determination for 
forwarding). 

With regard to claims 3, 105 and 106, Antur discloses: 
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The method of claim 1 , wherein 

said first security level and said second security level implement one of a multi- 
level security paradigm and a multi-lateral security paradigm (see, e.g., col. 4, lines 25- 
30, where the three levels of security are multi-lateral security paradigm ; col. 5, lines 
10-20). 

With regard to claim 4, Antur discloses: 

The method of claim 1 , wherein said security label is one of an enumerated 
security label and a bitmap security label (see, e.g., col. 4, lines 30-34). 

With regard to claims 5, 91 and 98, Antur discloses: 

The method of claim 1 , wherein said second security level is a security level of a 
port of said network node (see, e.g., col. 2, lines 7-17). 

With regard to claims 6 and 93, Antur discloses: 

The method of claim 5, further comprising: 

setting said security level of said port (see, e.g., col. 4, lines 36-39). 

With regard to claims 7, 36, 40, 74, 78, 1 04, 1 07, 1 08, 1 1 0 and 1 11 , Antur 
discloses: 

The method of claim 6, wherein said setting said security level of said 
port comprises: 
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storing said second security level in a security label information field of an 
access control list entry (see, e.g., col. 5, lines 47-55; col. 8, lines 55-67). 

With regard to claims 8, 37, 41 , 56, 60, 75, 79, 1 12 and 114, Antur discloses: 
The method of claim 6, wherein said setting said security level of said port 
comprises: 

storing said second security level in a label range information field of a 
forwarding table entry (see, e.g., col. 6, lines 47-56, configuration information ). 

With regard to claim 9, Antur discloses: 

The method of claim 1 , wherein said processing comprises: 

dropping said packet, if said comparing indicates that said first security level is 

less than said second security level (see, e.g., col. 6, lines 47-56, security 

characteristic ). 

With regard to claim 10, Antur discloses: 

The method of claim 1 , wherein said processing comprises at least one of 
dropping said packet, redirecting said packet and rewriting said security label (see, e.g., 
col. 6, lines 57-59; col. 17, lines 28-36, where). 

With regard to claims 12 and 100, Antur discloses: 
The method of claim 1 1 , wherein 
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said security levels are a range of security levels (see, e.g., col. 1 , lines 50-62). 

With regard to claim 13, Antur discloses: 
The method of claim 12, wherein said processing comprises: 
dropping said packet, if said comparing indicates that said first security level is 
not within said range of security levels (see, e.g., col. 4, lines 52-56). 

With regard to claims 15, 55 and 59, Antur discloses: 
The method of claim 14, wherein said storing comprises: 
storing said second security level in a security label information field of an 
access control list entry (see, e.g., col. 5, lines 47-55; col. 8, lines 55-67). 

With regard to claim 16, Antur discloses: 
The method of claim 14, wherein said storing comprises: 
storing said second security level in a label range information field of a 
forwarding table entry (see, e.g., col. 5, lines 35-45). 

With regard to claims 17, 42, 61 , 80 and 102, Antur discloses: 
The method of claim 14, wherein said storing comprises: 
communicating said second security level from a first network node by registering 
said second security level in a context (see, e.g., col. 3, lines 63-67, col. 8, lines 58-67). 
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With regard to claim 20, Antur discloses: 

The method of claim 14, wherein said storing comprises: 

storing said second security level in a label range information field of forwarding 

table (see, e.g., col. 6, lines 47-56, configuration information ). 

With regard to claim 21, Antur discloses: 
The method of claim 14, wherein said storing comprises: 
storing said second security level in a port of said network node (see, e.g., col. 4, 
lines 36-39). 

With regard to claims 22 and 92, Antur discloses: 

The method of claim 21 , wherein 

said port is an egress port (see, e.g., col. 4, lines 36-39). 

With regard to claims 23, 45, 64 and 83, Antur discloses: 

The method of claim 1 , further comprising: 

determining said first security level (see, e.g., col. 2, lines 35-45). 

With regard to claims 24, 47, 66 and 85, Antur discloses: 
The method of claim 23, wherein said determining comprises: 
determining if an ingress port is marked as an access port ; and 
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setting a security level of said ingress port to said first security level, if said 
ingress port is marked as an access port (see, e.g., col. 4, lines 36-39; col. 5, lines 41- 
45). 

With regard to claims 25, 48, 67 and 86, Antur discloses: 
The method of claim 24, further comprising: 

setting said first security level information to said security level of said ingress 
port (see, e.g., col. 5, lines 45-52). 

With regard to claims 26, 46, 65 and 84, Antur s discloses: 
The method of claim 23, further comprising: 
authenticating a user having said first security level, wherein 
said determining is performed only if said user is authenticated (see, e.g., col. 1, 
lines 10-16; col. 4, lines 53-62). 

With regard to claims 28, 50, 69 and 88, Antur s discloses: 
The method of claim 27, wherein said performing said processing 
comprises: 

Performed said forwarding of said packet, if said indicating indicates that said 
packet is allowed to be forwarded; and dropping said packet, otherwise (see, e.g., col. 
5, lines 17-27 and col. 5, lines 42-50). 
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With regard to claim 29, Antur discloses: 

The method of claim 27, wherein said performing said processing 

comprises: 

forwarding said packet to a firewall, if said indicating indicates that said packet 
should be forwarded to said firewall (see, e.g., col. 4, lines 47-55). 

With regard to claims 30, 51, 70, 89 and 97, Antur discloses: 
The method of claim 1 , further comprising: 

stripping network security information from said packet; and adding subnetwork 
security information to said packet (see, e.g., col. 5, lines 17-30). 

With regard to claim 31, Antur discloses: 

The method of claim 30, wherein 

said network security information comprises said first security level 
information (see, e.g., col. 4, lines 47-57, where the passing of the packet through the 
security device to access a network implies that the security level of the network either 
Is the same as the security level of the security device or at acceptable range and the 
security level of the packet is acceptable by security device). 

With regard to claim 32, Antur discloses: 
The method of claim 30, wherein 
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said subnetworl< security information comprises said first security level 
information (see, e.g., col. 4, lines 45-57, where the passing of the packet through the 
security device to access a network implies that the security level of the network either 
is the same as the security level of the security device or at acceptable range and the 
security level of the packet is acceptable by security device). 

With regard to claims 35, 54 and 73, Antur discloses: 

The computer system of claim 33, wherein said computer instructions are further 
configured to cause said processor to: 

set said security level of a port, wherein 

said second security level is a security level of said port of said network node 
(see, e.g., col. 4, lines 35-46). 

With regard to claim 113, Antur discloses: 

The network device of claim 112, wherein said at least one forwarding 
table entry further comprises: 

a port identifier field, wherein a port identifier stored in said port identifier field 
identifies a port (see, e.g., col. 4, lines 35-46, it is inherent that the port identifier is 
stored in an identifier field). 



With regard to claim 115, Antur s discloses: 
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The network device of claim 113, wherein said at least one forwarding 
table entry further comprises: 

a media access control (MAC) address field (see, e.g., col. 3, lines 35-41); and 
a virtual local area network (VLAN) identifier field, wherein a combination of said 
MAC address field and said VLAN identifier field are associated with said port identifier 
field and said label range field (see, e.g., col. 3, lines 35-41; col. 4, lines 14-20). 

With regard to claim 117, Antur discloses: 

The network device of claim 114, wherein said at least one forwarding 
table entry further comprises: 

a media access control (MAC) address field configured to store a MAC address (see, 
e.g., col. 3, lines 35-41), wherein said MAC address is associated with a security label 
stored in said label range field (see, e.g., col. 3, lines 35-41; col. 4, lines 14-20). 

With regard to claim 118, Antur discloses: 

The network device of claim 112, wherein said at least one forwarding table entry 
further comprises: 

a virtual local area network (VLAN) identifier field, wherein a VLAN identifier 
stored in said VLAN identifier field identifies a VLAN, and said VLAN is associated with 
a security label stored in said label range field (see, e.g., col. 3, line 63-col. 4, line 20; 
col. 7, lines 36-40). 
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Allowable Subject Matter 

Claims 18, 19, 43, 44, 62, 63, 81, 82, 103 and 116 are objected to as being 
dependent upon a rejected base claim, but would be allowable if rewritten in 
independent form including all of the limitations of the base claim and any intervening 
claims. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO-892. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ABDULHAKIM NOBAHAR whose telephone number is 
(571)272-3808. The examiner can normally be reached on M-T 8-6. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. 

/A. N./ 

Abdulhakim Nobahar 
Examiner, Art Unit 2432 

/Gilberto Barron Jr./ 

Supervisory Patent Examiner, Art Unit 2432 



